Remove unused preprod TUF GCS bucket #1251

Merged
merged 1 commit into from
Sep 4, 2024
1 change: 0 additions & 1 deletion terraform/gcp/modules/sigstore/sigstore.tf
Expand Up @@ -59,7 +59,6 @@ module "tuf" {
project_id = var.project_id

tuf_bucket = var.tuf_bucket
tuf_preprod_bucket = var.tuf_preprod_bucket
tuf_bucket_member = var.tuf_bucket_member
gcs_logging_enabled = var.gcs_logging_enabled
gcs_logging_bucket = var.gcs_logging_bucket
5 changes: 0 additions & 5 deletions terraform/gcp/modules/sigstore/variables.tf
Expand Up @@ -66,11 +66,6 @@ variable "tuf_bucket" {
description = "Name of GCS bucket for TUF root."
}

variable "tuf_preprod_bucket" {
type = string
description = "Name of GCS bucket for preprod/staged TUF root."
}

variable "tuf_bucket_member" {
type = string
description = "User(s) to grant access to the TUF GCS buckets."
63 changes: 0 additions & 63 deletions terraform/gcp/modules/tuf/tuf.tf
Expand Up @@ -90,66 +90,3 @@ resource "google_storage_bucket_iam_member" "tuf_sa_editor" {

depends_on = [google_storage_bucket.tuf, google_service_account.tuf-sa]
}

resource "google_storage_bucket" "tuf_preprod" {
name = var.tuf_preprod_bucket
location = var.region
project = var.project_id

storage_class = var.storage_class
uniform_bucket_level_access = true

versioning {
enabled = true
}

lifecycle_rule {
action {
type = "Delete"
}
condition {
with_state = "ANY"
num_newer_versions = 10
}
}
lifecycle_rule {
action {
type = "Delete"
}
condition {
days_since_noncurrent_time = 730
}
}

dynamic "logging" {
for_each = var.gcs_logging_enabled ? [1] : []
content {
log_bucket = var.gcs_logging_bucket
}
}

website {
main_page_suffix = var.main_page_suffix
}
}

resource "google_storage_bucket_iam_member" "public_tuf_preprod_member" {
bucket = google_storage_bucket.tuf_preprod.name
role = "roles/storage.legacyObjectReader"
member = var.tuf_bucket_member

depends_on = [google_storage_bucket.tuf_preprod]
}

resource "google_storage_bucket_iam_member" "tuf_sa_preprod_editor" {
for_each = toset([
"roles/storage.objectUser",
"roles/storage.legacyBucketReader"
])

bucket = google_storage_bucket.tuf_preprod.name
role = each.key
member = format("serviceAccount:%s@%s.iam.gserviceaccount.com", var.tuf_service_account_name, var.project_id)

depends_on = [google_storage_bucket.tuf_preprod, google_service_account.tuf-sa]
}
5 changes: 0 additions & 5 deletions terraform/gcp/modules/tuf/variables.tf
Expand Up @@ -34,11 +34,6 @@ variable "tuf_bucket" {
description = "Name of GCS bucket for TUF root."
}

variable "tuf_preprod_bucket" {
type = string
description = "Name of GCS bucket for preprod/staged TUF root."
}

variable "tuf_bucket_member" {
type = string
description = "User, group, or service account to grant access to the TUF GCS buckets. Use 'allUsers' for general access, or e.g. group:[email protected] for granular access."